From 8e34786463bdb1f7725a728de408183b2870b16d Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Mon, 17 Sep 2007 16:48:14 +0000 Subject: [PATCH] * fhandler.cc (fhandler_base::open): Partly revert change from 2007-08-24: Call has_acls to avoid permission problems getting a handle to a file on a remote share. Add comment. --- winsup/cygwin/ChangeLog | 6 ++++++ winsup/cygwin/fhandler.cc | 12 +++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index db451fb35..0d533c222 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,9 @@ +2007-09-17 Corinna Vinschen + + * fhandler.cc (fhandler_base::open): Partly revert change from + 2007-08-24: Call has_acls to avoid permission problems getting + a handle to a file on a remote share. Add comment. + 2007-09-08 Brian Dessent * include/cygwin/config.h: Conditionalize inline __getreent() diff --git a/winsup/cygwin/fhandler.cc b/winsup/cygwin/fhandler.cc index dadb90e2d..c7ba078e1 100644 --- a/winsup/cygwin/fhandler.cc +++ b/winsup/cygwin/fhandler.cc @@ -551,7 +551,17 @@ fhandler_base::open (int flags, mode_t mode) /* If the file should actually be created and ntsec is on, set files attributes. */ - if (allow_ntsec) + /* TODO: Don't remove the call to has_acls() unless there's a + solution for the security descriptor problem on remote samba + drives. The local user SID is used in set_security_attribute, + but the actual owner on the Samba share is the SID of the Unix + account. There's no transparent mapping between these accounts. + And Samba has a strange behaviour when creating a file. Apparently + it *first*( creates the file, *then* it looks if the security + descriptor matches. The result is that the file gets created, but + then NtCreateFile doesn't return a handle to the file and fails + with STATUS_ACCESS_DENIED. Go figure! */ + if (allow_ntsec && has_acls ()) { set_security_attribute (mode, &sa, sd); attr.SecurityDescriptor = sa.lpSecurityDescriptor;